ruby/ext/openssl
nahi 3ff2f9f3a3 * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].

  In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
  TLS-CBC-IV vulnerability described at
  http://www.openssl.org/~bodo/tls-cbc.txt
  It's a known issue of TLSv1/SSLv3 but it attracts lots of attention
  these days as BEAST attack. (CVE-2011-3389)

  Until now ossl sets OP_ALL at SSLContext allocation and calls
  SSL_CTX_set_options at connection.  SSL_CTX_set_options updates the
  value by using |= so bits set by OP_ALL cannot be unset afterwards.

  This commit changes to call SSL_CTX_set_options only 1 time for each
  SSLContext. It sets the specified value if SSLContext#options= is
  called and sets OP_ALL if not.

  To help users to unset bits in OP_ALL, this commit also adds several
  constants to SSL such as
  OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.  These constants were
  not exposed in Ruby because there was no way to unset bits in OP_ALL
  before.

  Following is an example to enable 0/n split for BEAST prevention.

    ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

* test/openssl/test_ssl.rb: Test above option exists.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@34482 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-02-08 05:27:14 +00:00
..
lib * ext/openssl/lib/openssl/ssl.rb (class OpenSSL::SSL::SSLContext): 2011-11-09 23:45:39 +00:00
extconf.rb * ext/openssl/extconf.rb: remove checks for available functions. 2011-11-26 01:49:36 +00:00
openssl_missing.c * ext/openssl/extconf.rb 2011-06-26 01:32:03 +00:00
openssl_missing.h * ext/openssl/extconf.rb 2011-06-26 01:32:03 +00:00
ossl.c * Make sure to clear $! when ignoring an exception 2011-12-20 06:06:46 +00:00
ossl.h * ext/openssl/ossl.h: include openssl/e_os2.h before checking the 2011-07-08 06:03:17 +00:00
ossl_asn1.c * ext/openssl/ossl_asn1.c: Call INT2NUM only once for GeneralString. 2012-02-08 01:03:16 +00:00
ossl_asn1.h * ext/**/*.[ch]: removed trailing spaces. 2010-04-22 08:04:13 +00:00
ossl_bio.c * include/ruby/intern.h (rb_cloexec_dup): declared. 2011-10-29 11:02:32 +00:00
ossl_bio.h * ext/openssl: all files are reviewed to simplify and avoid memory leak. 2003-09-17 09:05:02 +00:00
ossl_bn.c * ext/openssl/ossl.c: suppress warning: shorten-64-to-32. 2011-03-24 07:29:21 +00:00
ossl_bn.h * ext/openssl/ossl_bn.c: More documentation. 2007-04-03 07:02:44 +00:00
ossl_cipher.c * ext/openssl/ossl_cipher.c: Add warning about key as IV. 2012-02-08 00:29:26 +00:00
ossl_cipher.h * ext/openssl/ossl_pkcs5.c: New module. 2007-04-05 05:59:22 +00:00
ossl_config.c * ext/openssl/ossl_config.c (parse_config): remove dead declaration. 2010-09-29 03:37:44 +00:00
ossl_config.h * ext/openssl/ossl.h: include openssl/conf.h and openssl/conf_api.h. 2003-09-08 10:31:38 +00:00
ossl_digest.c * whitespace cleanup. 2011-11-04 07:19:23 +00:00
ossl_digest.h * ext/openssl/ossl_pkcs5.c: New module. 2007-04-05 05:59:22 +00:00
ossl_engine.c * whitespace cleanup. 2011-11-04 07:19:23 +00:00
ossl_engine.h * ext/openssl/ossl_engine.c: add a new module OpenSSL::Engine. 2003-10-02 08:47:11 +00:00
ossl_hmac.c * ext/openssl/ossl_hmac.c: Revert checking return type of 2011-07-22 04:11:38 +00:00
ossl_hmac.h * ext/openssl: imported. 2003-07-23 16:12:24 +00:00
ossl_ns_spki.c * ext/openssl/ossl_ns_spki.c: Complete documentation. 2011-10-20 17:22:09 +00:00
ossl_ns_spki.h * ext/openssl: imported. 2003-07-23 16:12:24 +00:00
ossl_ocsp.c * ext/openssl/ossl.c: suppress warning: shorten-64-to-32. 2011-03-24 07:29:21 +00:00
ossl_ocsp.h * ext/openssl: imported. 2003-07-23 16:12:24 +00:00
ossl_pkcs5.c * ext/openssl/ossl_pkcs5.c: add note on timing attacks and general 2011-10-20 13:48:21 +00:00
ossl_pkcs5.h * ext/dl/cfunc.c (rb_dlcfunc_call): adjust format. [ruby-dev:31222] 2007-07-15 13:24:39 +00:00
ossl_pkcs7.c * style fixes. 2011-06-30 20:20:32 +00:00
ossl_pkcs7.h * ext/openssl/ossl_pkcs5.c: New module. 2007-04-05 05:59:22 +00:00
ossl_pkcs12.c * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER 2011-06-22 08:41:08 +00:00
ossl_pkcs12.h * ext/openssl/ossl_pkcs5.c: New module. 2007-04-05 05:59:22 +00:00
ossl_pkey.c * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_file): set close-on-exec 2011-11-14 13:06:51 +00:00
ossl_pkey.h * whitespace cleanup. 2011-11-04 07:19:23 +00:00
ossl_pkey_dh.c * ext/openssl/ossl_ssl.c: Remove set, but unused variables. 2011-10-19 01:15:35 +00:00
ossl_pkey_dsa.c * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error 2011-11-23 23:15:09 +00:00
ossl_pkey_ec.c * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER 2011-06-22 08:41:08 +00:00
ossl_pkey_rsa.c * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error 2011-11-23 23:15:09 +00:00
ossl_rand.c * ext/openssl/ossl.c: suppress warning: shorten-64-to-32. 2011-03-24 07:29:21 +00:00
ossl_rand.h * ext/openssl: imported. 2003-07-23 16:12:24 +00:00
ossl_ssl.c * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL 2012-02-08 05:27:14 +00:00
ossl_ssl.h * ext/openssl/ossl_ssl.h: parenthesize macro arguments. 2011-03-10 13:28:58 +00:00
ossl_ssl_session.c * ext/openssl/ossl_ssl_session.c (ossl_ssl_session_set_time): Check 2011-06-23 10:36:09 +00:00
ossl_version.h * ext/openssl/ossl_ssl.c: Switch stats hash key from string to symbol. 2008-04-20 22:32:06 +00:00
ossl_x509.c * ext/openssl/ossl.h: include openssl/conf.h and openssl/conf_api.h. 2003-09-08 10:31:38 +00:00
ossl_x509.h * ext/openssl/ossl_ssl.c (ossl_ssl_peer_cert_chain): add new method 2003-11-01 09:24:55 +00:00
ossl_x509attr.c * ext/openssl/ossl_x509attr.c: parenthesize macro arguments. 2011-03-13 09:11:45 +00:00
ossl_x509cert.c * ext/openssl/ossl_pkey.c (ossl_pkey_new_from_file): set close-on-exec 2011-11-14 13:06:51 +00:00
ossl_x509crl.c * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER 2011-06-22 08:41:08 +00:00
ossl_x509ext.c * ext/openssl/ossl.c: suppress warning: shorten-64-to-32. 2011-03-24 07:29:21 +00:00
ossl_x509name.c * ext/openssl/ossl_x509name.c: Use the numerical representation of 2012-02-08 04:19:33 +00:00
ossl_x509req.c * ext/openssl/ossl.h: Introduced OSSL_BIO_reset macro for PEM/DER 2011-06-22 08:41:08 +00:00
ossl_x509revoked.c * ext/openssl/ossl_x509revoked.c: parenthesize macro arguments. 2011-03-19 03:30:59 +00:00
ossl_x509store.c * ext/openssl/ossl_x509store.c: Add class documentation for 2012-02-02 22:54:10 +00:00
ruby_missing.h * ext/openssl/extconf.rb: remove checks for available functions. 2011-11-26 01:49:36 +00:00